Cisco Certified Internetwork Expert (CCIE) Practice Test

Which two statements about MAB are true? (Choose two)

• A. MAC addresses stored in the MAB database can be spoofed
• B. It operates at Layer 2 and Layer 3 of the OSI protocol stack
• C. It can be used to authenticate network devices and users
• D. It serves at the primary authentication mechanism when deployed in conjunction with 802.1x

The correct answer is: MAC addresses stored in the MAB database can be spoofed

MAB, or Mac Authentication Bypass, is primarily used for authenticating devices based on their MAC addresses when they are unable to perform 802.1x authentication. One critical aspect of MAB is that MAC addresses stored in its database can be spoofed by malicious users. This vulnerability arises because an attacker can adopt the MAC address of a legitimate device, thereby gaining unauthorized access to the network. Hence, the statement regarding the potential for MAC address spoofing is correct. Additionally, MAB can indeed authenticate network devices and users. It serves as an alternative authentication method that allows non-802.1x capable devices, like printers or cameras, to access the network based solely on their MAC addresses. This means that MAB is capable of authenticating devices in situations where more sophisticated methods are not applicable, emphasizing its utility in diverse network environments. While it is true that MAB operates primarily at Layer 2 of the OSI model, its focus does not extend effectively into Layer 3; rather, it is a simpler process that mainly relies on MAC addresses rather than integrating deeper into the TCP/IP stack for authentication. Furthermore, although MAB can theoretically be utilized alongside 802.1x, it does not serve as the primary mechanism when